VoIP VULNERABILITIES

CCIP INFORMATION NOTE | ISSUE 06

Matthew Hurley, January 07
VoIP VULNERABILITIES
The following report outlines characteristics of Voice over Internet Protocol (VoIP).
It explains the benefits and history of VoIP. Then it describes current VoIP standards
and the security risks and vulnerabilities that surround the technology. In addition,
particular attention is drawn to Skype, currently the most popular VoIP application
in use today.
Table of contents

Table of Contents

Table of contents���������������������������������������������������������������������������������� 3

Introduction��������������������������������������������������������������������������������������������� 4

VoIP Benefits�������������������������������������������������������������������������������������������� 5

VoIP History���������������������������������������������������������������������������������������������� 6

VoIP Standards���������������������������������������������������������������������������������������� 7

H.323������������������������������������������������������������������������������������������������������������ 8

Session Initiation Protocol (SIP)���������������������������������������������������� 9

VoIP Vulnerabilities����������������������������������������������������������������������������10

Risks & Vulnerabilities Inherited from IP������������������������������ 11

Risks & Vulnerabilities Associated with VoIP����������������������12

Risks & Vulnerabilities Specific to VoIP����������������������������������14

Skype����������������������������������������������������������������������������������������������������������17

Conclusion����������������������������������������������������������������������������������������������19

References�����������������������������������������������������������������������������������������������20

Disclaimer Information�������������������������������������������������������������������21

VoIP VULNERABILITIES | MATTHEW HURLEY 

Introduction

V oIP is defined as the ability to make telephone calls, associated with VoIP, and those specific to VoIP. Firstly,
send faxes and carry out video-conferencing over an overview of the benefits of VoIP.
IP based networks. This is achieved by utilising current
VoIP standards and protocols such as H.323, Session
Initiation Protocol (SIP), and Skype to convert analogue
signals into digital data that can be transmitted over
the Internet. VoIP offers a number of benefits including
increased flexibility and reduced overheads to any
organisation that is willing to change its voice networks
from the traditional circuit switched network to that of
the packet switched network utilised by VoIP.

Even though the traditional Public Switched Telephone

Network (PSTN) has proven to be highly reliable over
the past 135 years, VoIP is seen as a more promising
alternative. This is because VoIP is more effective when
utilizing available bandwidth and also allows for more
efficient network deployment models. Taking the
above into account, it is not hard to understand that
the number of VoIP subscribers has steadily increased
to 18.1 million users worldwide as at the end of
2005 . It has also been projected that the number of
VoIP subscribers will more than double to 47 million
subscribers by the end of 2006 .

Like any new IT service, VoIP has a large number of

inherent and associated security risks and vulnerabilities
that can affect the reliability and availability of an
organisations IT infrastructure. It is also one of the
major issues slowing the uptake of VoIP. Therefore it is
paramount for any organisation looking to incorporate
VoIP to have a total understanding of the threats that
they will be potentially introducing into their IP networks.
This report classifies the risks and vulnerabilities of VoIP
into three categories those inherited from IP, those

 http://clickz.com/showPage.html?page=3623253
 http://lw.pennnet.com/Articles/Article_Display.cfm?ARTICLE_
ID=267354&p=13

 CCIP INFORMATION NOTE - ISSUE 06

VoIP Benefits
T here are two major benefits to any organisation
or business wanting to implement VoIP in their
day-to-day operations. The first major benefits is the
lower costs associated with VoIP when compared to
that of the traditional PSTN. The main reasons VoIP is
considered more economical include:
• Reduced cost of phone calls: The costs of phone
calls via VoIP are minuscule when compared to
equivalent calls made over the traditional PSTN.
This is because VoIP takes advantage of existing
WAN connectivity to remote locations over a
dedicated data network or the Internet, thus
avoiding any long-distance toll-call charges.
• Reduced maintenance and capital costs: VoIP is
based on software rather than purely hardware,
therefore it is easier to alter and maintain.
Furthermore deploying a VoIP network can be
less expensive when compared with the costs
of deploying a Private Branch Exchange (PBX).
• Simplified infrastructure: Because VoIP
utilises the same infrastructure as your data
network its possible to converge the two, thus
simplifying the operation and management of
the network. This is also advantageous from a
cost perspective as a single network can carry
both voice and data.
The financial gain provided by VoIP obviously depends
on the size of the business and how that particular
business operates. One particular business case,
provided by Deloitte’s New Zealand, showed the initial
VoIP setup cost for a medium sized business of 350
employees would be close to $225,000. This figure
includes an incremental capital investment of $125,000
as it would approximately cost $100,000 to replace the
existing analogue system. Once installed the system
VoIP VULNERABILITIES | MATTHEW HURLEY
would facilitate call savings of at least $5,000 dollars
a year. However consultants in the industry state that
call savings are only a small part of the overall benefits
gained by a VoIP system. The major benefits come from
the simplified infrastructure and with it the reduced
management and maintenance costs.
The second major benefit of VoIP is increased flexibility
and location independence. These additional benefits
emphasize the advantages to be gained by any
organisation implementing the technology and show
that VoIP is more than simply just a way to reduce
expenditure. They include:
• Improved flexibility: VoIP allows for new helpful
features like ‘click-to-call’ that enable a user to
simply click a URL while browsing a web page
that will initiate a call over a VoIP network to an
attendant.
• Improved productivity: A Virtual Private Network
(VPN) combined with VoIP can be used to set
up a fully functioning office anywhere there
is a broadband connection. Furthermore VoIP
treats voice as if it were any other kind of data, so
users can attach documents to voice messages
or participate in virtual meetings using shared
data and videoconferencing.
• Location Independence: This allows an
individual to have incoming phone calls
automatically routed to their office or personal
VoIP phone number regardless of location. This
is because when using a VoIP network, the user
only needs to be able to register their location
with the VoIP server to be able to receive calls.

VoIP History

T he history of VoIP dates back to 1964 when Paul

Baran wrote the first paper on secure packetised
voice. However, it was not until thirty-one years later in
1995 that the first internet phone software ‘Vocaltec’
was released. Coincidently it was in May of the same
year that the International Telecommunications Union
(ITU) initiated work on the H.323 standard. The next
major development in VoIP occurred in September
of 1999 when work was commenced on the popular
SIP by the Internet Engineering Task Force (IETF). SIP
was then accepted as a 3rd Generation Partnership
Project (3GPP) signalling protocol in November 2000.
The following year Microsoft incorporated VoIP into
Windows XP Messenger using SIP. This was closely
followed by the founding of Vonage, which is a leading
provider of broadband telephone services with over 2
million subscribers in 2006. The last major development
in VoIP came in August of 2003 with the release of
Skype.

 CCIP INFORMATION NOTE - ISSUE 06

VoIP Standards

There are two major non proprietary standards used for VoIP
communications by many VoIP software applications. They are H.323
and Session Initiation Protocol (SIP).

VoIP VULNERABILITIES | MATTHEW HURLEY 

H.323

H .323 is a protocol suite specified by the ITU

that lays a foundation for IP based real-time
communications including audio, video and data.
H.323 was designed to handle call setup and tear-down
functions and can use both TCP and UDP as a transport
mechanism. Security within the H.323 protocol is
achieved by the H.235 protocol, which incorporates
four security goals including authentication, integrity,
privacy, and non-repudiation. These goals are provided
through four mechanisms, namely: configuration,
authentication, key exchange, and encryption.

Security concerns within H.323 arise as many of the

protocols use random ports causing problems securing
them through firewalls. This may be mitigated by using
direct routed calls, however since the ports required for
H.323 are not defined, a filtering firewall would require
all possibly-needed ports left open, thus allowing
multiple entry points to be exploited by malicious
users.

 CCIP INFORMATION NOTE - ISSUE 06

Session Initiation Protocol (SIP)

S ession Initiation Protocol is a signalling protocol

specified by the IETF, used to set up and tear down
two-way communications sessions. Security in SIP is
SIP’s registrations and communication mechanisms. It
is possible to resolve NAT issues when using VoIP but
this usually requires innovative solutions.
similar to H.323 and aims to achieve confidentiality,
message integrity, non-repudiation, authentication
and privacy. SIP has a security advantage over H.323
as it uses only one port (traditionally TCP and UDP
port 5060). However because SIP operates at the
application level, no new security mechanisms were
created. Instead SIP’s security is achieved by utilising the
security mechanisms provided by HyperText Transfer
Protocol (HTTP), Simple Mail Transfer Protocol (SMTP),
and Internet Protocol Security (IPSec).

One of the main security concerns for SIP are that

HTTP Digest does not provide adequate integrity, and
spoofing of the header would be easily accomplished
without employing S/MIME (Secure/Multipurpose
Internet Mail Extension). The use of S/MIME for
encryption also adds another issue as it uses public key
infrastructure, thus making it difficult for users moving
between devices as certificates are associated with
users. Lastly the text encoding of SIP makes it easier to
analyse using standard parsing techniques. The security
issues of SIP are highly apparent as there has been over
20,000 uniquely identifiable threats launched against
SIP networks in the last two years.

A common security issue for both VoIP standards comes

through the use of NAT (Network Address Translation).
NAT poses a problem for both H.323 and SIP as it is
designed to hide the IP address on the internal network
from the public network. Thus causing a disruption
firstly, in the ‘setup next’ procedure used by each
protocol within the H.323 suite and secondly, inhibiting

 G. S Sipera, Comprehensive VoIP Security for the Enterprise: Not Just

Encryption & Authentication, Sipera (March 2006)

VoIP VULNERABILITIES | MATTHEW HURLEY 

VoIP Vulnerabilities

As VoIP is an IP based technology that utilises the Internet it also inherits all
associated IP vulnerabilities. The impact of these Internet-borne attacks is
then multiplied by the VoIP architecture as it adds a number of additional
weaknesses, which require futher work to secure and maintain. Furthermore,
as with adding any new service to an inadequately secured environment,
is like piercing holes in an already-leaky boat. The following paragraphs
describe the risks and vulnerabilities of VoIP that are firstly, inherited from
IP, secondly, associated with VoIP, and lastly, specific to VoIP.

10 CCIP INFORMATION NOTE - ISSUE 06

Risks & Vulnerabilities Inherited from IP
Poor Architectural Design
Poor or inadequate architecture
can lead to ongoing difficulties in
the operation and security of a VoIP
system. Firewalls are particularly
vulnerable areas in a VoIP network
as they require additional ports to
be opened to facilitate VoIP traffic.
Non VoIP-aware firewalls may lack
dynamic interaction with VoIP so
they simply leave a range of ports
continually open for call activity.
VoIP VULNERABILITIES | MATTHEW HURLEY
PBX Hosts & Gateways
Most service interceptions and
eavesdropping attacks will usually
require the compromise of a PBX
as a means of network access. A
compromised host or gateway
can facilitate this by capturing
voice packets to reveal information
on all calls, call duration, and call
parameters. This information will
permit the mapping of VoIP, and
possibly the supporting data
networks.
Replay Attacks
A replay attack can be mounted
against a VoIP network by
retransmitting a legitimate session
so that the recipient device
reprocesses the data. The basis
of a replay attack is to capture
a valid packet, which can then
be replayed into the network.
This generally causes the target
network to respond and provide
more traffic to capture, eventually
providing enough information
to move to packet spoofing and
masquerading, or simply finding an
entry point into the target network
for eavesdropping.
For example a replay attack could
be used to gain access to a network
by capturing and replaying a valid
user ID and password, even though
the captured data is encrypted and
the attacker was unable to decrypt
it.
11
Risks & Vulnerabilities Associated with VoIP

Packet Spoofing & Fuzzing Reconnaissance Attacks

Masquerading Fuzzing is a legitimate method of Reconnaissance Attacks are a form
Packet spoofing uses IP packets testing software systems for bugs of intelligence gathering where
with a false source address that may and is accomplished by providing networks are probed to ascertain
be used for: an application with semi-valid input their vulnerabilities. Methods used
to see what its reaction will be. This to achieve this include call walking
• obscuring the origin of the
technique can be employed to and port scanning and are the first
packet
exploit vulnerabilities in a target action undertaken by an attacker
• implicating another site or host
VoIP system and is achieved by when attempting to penetrate a
as the attack originator
sending messages so that the network. A successful probe would
• masquerading as a trusted host
target system will assume the determine the behaviour of the
• interception or hijacking of
sent content is valid. In reality, the network’s equipment, users, and
network traffic
message is ‘broken’ or ‘fuzzed’, thus services that might be available
• directing responses to another
causing various failures to occur to be exploited or disrupted. This
host or system
when the target system attempts information could then be used to
• undertaking man-in-the-middle
to parse or process it. Resultant launch a focused attack against the
spoofing attacks
failures can include application network.
A major risk associated with packet delays, information leaks, and
spoofing and masquerading is system crashes.
identity theft. For example a man-
in-the-middle spoofing attack, as
shown in Figure 1, can be launched
when a person makes a call, which
includes sensitive information. As a
result of the attack they may speak
to the intended recipient however,
their call is being monitored by Intended Call Flow

malicious users.
Re w
su
ltin Flo
gC all
Caller A all in gC Caller B
Flo lt
w su
Re

Malicious User

12 CCIP INFORMATION NOTE - ISSUE 06

Risks & Vulnerabilities Associated with VoIP continued
Reliability & Availability
Challenges
To achieve constant real time voice
communications, VoIP places a high
priority on Quality of Service (QoS).
However the reliability of voice and
data networks is closer to 99.9%,
which compares poorly against
the 99.999% reliability that people
have come to expect from the
traditional PSTN. Even though this
doesn’t appear to be a significant
difference it equates to an additional
downtime of 8.7 hours each year for
VoIP. This could ultimately lead to
the loss of human life if emergency
services were required during this
outage window.
DoS Attack on End Point
Malicious User VoIP Phone
VoIP VULNERABILITIES | MATTHEW HURLEY
Denial of Service (DoS)
DoS and Distributed Denial of Service (DDoS) attacks occur when a
malicious user deliberately sends an exceedingly large amount of random
messages to one or more VoIP end-points from either a single location
(DoS) or from multiple locations (DDoS), as shown in Figure 2. Multiple
locations are achieved through the use of zombies (compromised machines
that could be woken upon request and used for malicious purposes). The
DoS attack is successful when the amount of incoming messages exceeds
the processing capacity of the target system, thereby exhausting system
resources and thus, denying services to the end-users.
VoIP systems are especially vulnerable to DoS and DDoS attacks because of
the high fundamental requirement that they place on QoS. Therefore less
traffic or network disruption is required for a DoS attack to be successful
when compared to mounting a DoS attack against a data network. A
further consideration is needed where VoIP and data share the same
network. Here the data network could also be subject to the same DoS
attack. Examples of VoIP specific DoS attacks include identity spoofing and
cancellation of pending call set up signals, also known as the SIP CANCEL
DoS attack.
DDos Attack on Call Server
Malicious User VoIP Server
Zombies
13
Risks & Vulnerabilities Specific to VoIP

CID Spoofing Phone Impersonation

One type of masquerading is based on the manipulation of Caller ID (CID), Phone impersonation occurs
which is used to identify the caller before answering, and is known as CID due to the weak authentication
spoofing. The CID is based on reported information from different carrier process attributed to VoIP. There
switches and is specified by the switch administrator in a VoIP environment. are two major contributors that
This allows an attacker to spoof their CID information with a text string or consolidate this fact. Firstly, there is
phone number they specify and could be used to give credibility to various a limited human interface available
malicious users undertaking social engineering attacks. for VoIP phones, limiting users to
the selection of a numeric PIN for
In addition to this, the option for CID privacy (i.e. the ability to obscure
their password in lieu of a strong
your phone number from the CID display) is not possible with VoIP, since
password based on the entire
the phone number is included in the SIP and H.323 header. This allows any
ASCII character set. Secondly, and
attacker with a IP packet sniffer, such as tcpdump, to discover the remote
this is related to the SIP standard,
caller’s phone number, even if their number has been marked as private by
the authentication mechanism is
their service provider. Further, there are a number of CID spoofing service
based on the MD5 algorithm. An
providers in the US that, for a small fee, allow users to choose the number
attacker who can sniff the entire
they are calling from.
SIP authentication exchange
A recent example of CID spoofing was reported by SpoofCard.com, which is cannot observe the password
a company that sells enhanced calling cards that provide the CID spoofing sent in plain text, but can observe
ability. Coincidently 50 customer’s accounts were cancelled, including enough information to mount an
Paris Hilton’s, due to customers abusing the CID spoofing feature to break offline dictionary attack against
into other peoples voice-mail accounts, listen to their messages, and even the password. The combination of
change the targeted user’s greetings . 
these weaknesses allows passwords
to be easily obtained by an attacker
and then used to impersonate a
phone or user.

 http://voipsa.org/blog/2006/08/28/paris-hilton-hacker-extraordinaire/

14 CCIP INFORMATION NOTE - ISSUE 06

Risks & Vulnerabilities Specific to VoIP continued
Eavesdropping
Eavesdropping is the unauthorised
interception of voice packets or Real
Time Protocol (RTP) media streams,
and the decoding of signalling
messages. It is a relatively simple
attack to administer and tools such
as network protocol analysers,
sniffers and packet capture tools
are freely available on the Internet.
Wireshark is an example of a
tool that can be used to capture
VoIP traffic and reconstruct VoIP
conversations.
A real world example of
eavesdropping was publicised in
July of 2005 where flaws were found
in Cisco’s CallManager VoIP software.
The flaw could be exploited by
sending specially crafted packets to
the Cisco CallManager that allowed
an attacker to create a heap overflow
and ultimately enable him to mount
an eavesdropping attack.
 http://www.techweb.com/wire/
security/165702369
VoIP VULNERABILITIES | MATTHEW HURLEY
Call Hijacking & Redirection
Call hijacking and redirection occurs when a call intended for one user
is redirected to another. To achieve this, an attacker only needs to have
knowledge of the user’s authentication credentials in order to impersonate
and receive all calls intended for that user. Methods including spoofing of a
node, man-in-the-middle attacks, and manipulation of call requests using
signalling response codes make call hijacking and redirection relatively
easy to instigate. Further to this, VoIP features including call forwarding and
‘follow-me’ also help facilitate the ability to route calls to specific phone
numbers.
Call hijacking and redirection can also be used for financial gain. For example,
call hijacking can be targeted by cyber-criminals who resell the calls. This is
sometimes used as a money laundering channel from which organisations
would only see an increase in bandwidth usage together with increased
costs. Similarly, call redirection may also transit another system to collect
data for later analysis or simply as a revenue gathering mechanism. In this
case, the consequences may include the loss of sensitive information and
service disruption.
Call hijacking was recently discovered in Miami by the US Federal
government. In this particular case Edwin Pena sold discounted Internet
phone services by hacking into other Internet phone providers and
piggybacking connections through their networks unbeknown to them.
In one three-week period a particular Internet phone provider received
about 500,000 calls that were made to look like they had come from the
investment company Rye Brook. Because of this, the victimised Internet
phone provider was left having to pay $300,000 in connection fees for
routing the phone traffic to other carriers without receiving any revenue
for the calls.
 http://voipsa.org/blog/2006/06/07/hacker-cracks-net-phone-providers-for-gain/
15
Risks & Vulnerabilities Specific to VoIP continued

VoIP Spam these. The above paragraphs also emphasize the fact
VoIP SPAM or Spam over Internet Telephony (SPIT) is the that organisations that chose a simplified infrastructure
unsolicited and unwanted bulk messages broadcast for both voice and data could experience disruptions to
over VoIP to particular end users. Not only could this their data networks if an attack was launched against
be extremely annoying (especially when time zones their more vulnerable VoIP network.
are taken into consideration), it also has the potential to
VoIP is a relatively new technology and research
be rather costly where for example, calls are forwarded
regarding its security is very young, in fact it is said
to mobile phones. Another issue arises with SPIT and
to be at the tip of the iceberg. Therefore as additional
the fact that high-volume bulk calls routed over IP are
research is carried out and new vulnerabilities are
very difficult to trace and have the inherent capacity
discovered, it would be important for an organisation
for fraud, unauthorised resource use, and privacy
to consider separating the data and VoIP networks in
violations.
order to avoid a potential business and or operational
Voice mail bombing is a form of SPIT where multiple catastrophe.
(this may entail hundreds or even thousands of) voice
The following paragraphs will look at Skype, which
mail messages flood voice mail boxes. This attack could
is the most commonly used VoIP application on the
result in service disruption or a denial of service attack.
market today.
The first real wide spread phishing attack utilising
VoIP was launched in June 2006 against customers of
the Santa Barbara Bank & Trust in Southern California.
Targets of the scam were sent an official looking email
warning them that their bank account had been locked
as a security measure and asked that the recipient call
the supplied number to verify the account and user’s
identity. When customers called the number they were
greeted with an automated voice system requesting
that they enter their account number and other
personal information.

The above paragraphs explain three different groups

of risks and vulnerabilities that can affect the security
of a VoIP service or network. They also show that any
organisation wanting to utilise this technology needs
to be strongly aware of the issues surrounding it and
have appropriate security polices in place to mitigate

 http://www.eweek.com/article2/0,1895,1985966,00.asp

16 CCIP INFORMATION NOTE - ISSUE 06

Skype
S kype is a proprietary VoIP system developed by
Skype Technologies and released in August 2003.
It is the software of choice in the UK, being used by
48% of VoIP users. Skype, which recorded a record
high of 8 million users online at one time in November
2006, utilises a Peer-to-Peer architecture that relies on a
central authentication sever to authenticate users and
software distributions. In addition to this, both user
identities and software distributions are digitally signed
by an RSA private key. The resulting RSA public key is
embedded into every Skype executable and thus,
provides the basis for voice encryption.
Skype does differ considerably from SIP and H.323 in
the way that it connects clients that are sitting behind
firewalls. In order to initiate a connection, Skype creates
a rendezvous point, also known as a super-node, which
ensures NAT’ed users can communicate with each
other. A super-node is a computer operating on a public
IP address that has the ability to proxy connections to
the Skype clients behind the more restrictive firewalls.
Further to this, the total amount of load placed on a
network when a machine becomes a super-node is
unknown and it also has the ability to interfere with
a business’s applications and services. One publicised
example showed that while a user’s machine was
acting as a super node, Skype was utilising 100kbps
of the company’s bandwidth for both upload and
download dataflows.
Super-nodes are not the only concern of the Skype
protocol. Security is also a major concern, the key
properties being; privacy, authenticity, availability,
survivability, resilience, and integrity (of conversation
and system).
 http://www.eweek.com/article2/0,1895,1985966,00.asp
 http://www.voipwiki.com/blog/?p=30
VoIP VULNERABILITIES | MATTHEW HURLEY
However, there are a number of other factors that
affect the security of Skype. Firstly, the security of
Skype depends on the security of the computer and
network on which Skype is running. Secondly, because
Skype uses a proprietary protocol, the only sources
of information regarding any security weaknesses are
statements from the company and publicly disclosed
vulnerabilities. Thirdly, because Skype is mostly a peer-
to-peer system, the overall security can be affected by
third parties that are unknown to those in a particular
phone conversation. The latter is possible as problems
have been identified in Skype’s encryption format,
which firstly, allows the execution of man-in-the-middle
attacks and secondly, enables the ability for a worm to
be hidden in the encryption during transmission10.
These are not the only concerns that affect the security
of Skype. Another issue arises in Skype because it is ‘port-
agile’ meaning that if a firewall port is blocked, Skype will
seek other open ports to establish a connection. This
feature would also allow an attacker, if a vulnerability
was exploited, to use the application to gather further
information about machines on a network. Therefore,
Skype could provide a back door into otherwise secure
networks for worms, Trojans, and viruses11.
In addition to the above, it was recently shown that
Skype could provide botnet controls that could enable
a better way for controlling zombies. What is concerning
about this for an organisation is that any attack (for
example a DoS attack) resulting from this technology
may be virtually impossible to identify the perpetrator.
This is because Skype uses proprietary technology and
encrypted data traffic that cannot be easily monitored.
10 http://www.skypejournal.com/blog/archives/2005/11/five_reasons_
not_to_block_skype_1.php
11 http://computerworld.co.nz/news.nsf/news/
1C31DD62E610104ACC2570B40016C985
17
Skype continued

This potential concern could be mitigated by a small

group of Chinese engineers who have proved that
they have reverse engineered Skype. The redesigned
software has a different GUI than the traditional Skype
application and can be used to discover the IP address
and physical location of the Skype user who you are
calling12.

Even though Skype has a number of key features,

including privacy, authenticity, availability, survivability,
resilience, and integrity, in place to ensure its security,
the above paragraphs clearly outline that these are far
from foolproof. In addition it has also been identified
that Skype’s own functionality used to provide its high
quality service can also be used for malicious purposes.
Also, the concept of hosting a super-node is far from
desirable for any organisation that values its bandwidth.
Therefore it is important for an organisation to fully
understand the security risks of Skype when choosing
to use it as their main VoIP application.

12 http://www.voipwiki.com/blog/?p=26

18 CCIP INFORMATION NOTE - ISSUE 06

Conclusion

V oIP offers a number of benefits to any organisation

considering implementing it into its day-to-
day operations. At the time of writing, organisations
have the choice of two VoIP standards and one
proprietary protocol (H.323, SIP, and Skype) that can
be utilised for lowering the costs of daily operations
and increasing flexibility. However, any organisation
that has implemented or is looking to implement VoIP
needs to be aware of the security issues surrounding
the technology. Phone impersonation, reconnaissance
attacks, eavesdropping, SPIT, call hijacking and
redirection, and identity theft are only a few of the
possible risks and vulnerabilities that a malicious
person can mount against an organisation’s VoIP
service. Therefore, it is important organisations carry
out the appropriate security measures to ensure the
confidentiality, integrity, and availability of their VoIP,
and in some cases, data networks.

VoIP VULNERABILITIES | MATTHEW HURLEY 19

References

1. S. Garfinkel, VoIP and Skype Security, Skype

Security Overview – Rev 1.6 (May 2005)

2. J. Waldron , VoIP Security Essentials, Black Hat

Briefings
http://www.blackhat.com/presentations/bh-usa-
06/BH-US-06-Waldron.pdf

3. Dr. T. Porter, H.323 Mediated Voice over IP:

Protocols, Vulnerabilities & Remediation
http://www.securityfocus.com/print/
infocus/1782

4. Cyber Security Industry Alliance, Cyber Security

for IP Telephony, Findings & Recommendations
(May 2005)

5. C. Roberts, Voice Over IP Security, Centre for

Critical Infrastructure Protection (May 2005)

6. Sipera, Comprehensive VoIP Security for the

Enterprise: Not Just Encryption & Authentication,
Sipera (March 2006)

7. Whichvoip, The History of VoIP

http://www.whichvoip.com/voip/articles/voip_
history.htm

8. Dr. R. Kuhn, T. J. Walsh, S. Fries, Security

Considerations for Voice Over IP Systems, NIST SP
800-58

9. VoIP – Standards and Protocols

http://www2.rad.com/networks/2001/voip/prtcls.
htm

10. G. S. Tucker, Voice Over Internet Protocol (VoIP)

and Security, SANS Institute (October 2004)

11. Systems & Network Attacks Centre (SNAC),

Security Guidance for Deploying IP Telephony
Systems, NSA (February 2006)

20 CCIP INFORMATION NOTE - ISSUE 06

DISCLAIMER INFORMATION

While this publication is accurate to the best of our knowledge, CCIP does not accept any
responsibility for errors or omissions. CCIP will not be liable for any loss or damage howsoever
caused, arising from or in connection with the use of information contained in this publication.

Reference in this publication in any manner to any commercial product, process or service does not
constitute or imply its endorsement or recommendation by CCIP. Views and opinions expressed
herein may not be used for advertising or product endorsement purposes.
 CENTRE for CRITICAL INFRASTRUCTURE PROTECTION
www.ccip.govt.nz | ph: +64 4 498-7654 | fax: +64 4 498-7655
PO Box 12-209, Wellington , New Zealand